DNAT woes

Nigel Morse N.Morse@hyperknowledge.com
Mon, 13 Aug 2001 20:40:50 +0100


But then if 192.168.80.2 is on the same network as internally, why can't the
clients use that address straight off and talk directly to the mail machine
without going via the firewall? 

Try a tcpdump and see if the output of that helps.

Cheers
Nigel

 
> Actually, it helped a lot! But not completely.
> 
> (BTW, I only have 2 interfaces-- eth0 internal, eth1 ISP)
> Adding the -i eth1 gives me the following results:
> I can now go out from port 25. This is good! I can send mail out..
> Any requests from the internal LAN to port 25 of the firewall give me a
> connection refused...
> because it's not forwarding the ports on eth0 and the firewall isn't running
> a mail server.
>